1 roundcube (0.5-3) UNRELEASED; urgency=low
3 * Don't assign "skins" directory to www-data. Closes: #612552.
4 * Add instructions on how to install and upgrade when not using
5 dbconfig-common. We do not ship UPGRADING file any more since it is
6 misleading. Closes: #612511.
7 * Fix MySQL indexes if upgrading from 0.5-2 or lesser. Closes: #610725.
9 -- Vincent Bernat <bernat@debian.org> Wed, 09 Feb 2011 07:32:42 +0100
11 roundcube (0.5-2) experimental; urgency=low
13 * If 0.3.1 was installed from scratch, upgrade does not work on MySQL
14 and PostgreSQL because we try to create an index which already
15 exists. With SQLite, the error is ignored, no fix needed. When using
16 PostgreSQL, fix this by dropping the index if it already
17 exists. Nothing similar seems to exist with MySQL. Therefore, just
18 don't create the index. We need to handle this later. See bug
21 -- Vincent Bernat <bernat@debian.org> Fri, 21 Jan 2011 21:44:05 +0100
23 roundcube (0.5-1) experimental; urgency=low
25 * New upstream release. Closes: #592312.
26 + Drop patches included upstream (DNS prefetching, jQuery 1.4
27 handling, email address validation, duplicate headers, incorrectly
28 formatted received headers). Adapt other patches. One of the patch
29 now correctly states to use dpkg-reconfigure roundcube-core.
31 + Update SQL commands to use to upgrade database.
32 That also closes: #602922. Unfortunately, the user may get some
33 harmless error messages because there is no way to know if
34 0.3.1 was installed from scratch or upgraded from 0.3.
35 + Update dependencies to match INSTALL file. Only exception is the
36 use of Mail_Mime 1.8.0 in place of 1.8.1 which is not available in
37 Debian. We depends on jQuery 1.4.2 because 1.4.4 is not available in
39 + All folders are correctly checked since 0.4. Closes: #552430.
40 + Also, closes: #553194 since it seems to have been fixed too.
41 + There is also the possibility to not top-quote since 0.4.
43 + Closes: #602144. Also fixed.
44 * Move .htaccess to /etc/roundcube and use a symlink (Closes: #591369).
45 * Don't let www-data overwrite debian-db.php. Closes: #608976.
46 * Bump Standards-Version. No changes required.
48 -- Vincent Bernat <bernat@debian.org> Sat, 15 Jan 2011 12:40:27 +0100
50 roundcube (0.3.1-6) unstable; urgency=low
52 * Update Arabic debconf translation, thanks to Ossama Khayat.
54 * Update Portuguese debconf translation, thanks to Christian Perrier.
56 * Add a patch to avoid duplicate boundaries in headers when adding an
57 attachment. Closes: #599586.
59 -- Vincent Bernat <bernat@debian.org> Mon, 18 Oct 2010 23:14:37 +0200
61 roundcube (0.3.1-5) unstable; urgency=low
63 * Depends on php-mail-mime 1.7.0 or more recent to handle correctly
64 'mime_param_folding' directive. Closes: #588295.
65 * Add Danish debconf translation, thanks to Joe Dalton.
67 * Add a patch to fix Received header to behave better with Spam
68 Assassin. Closes: #595204.
70 -- Vincent Bernat <bernat@debian.org> Thu, 02 Sep 2010 07:54:58 +0200
72 roundcube (0.3.1-4) unstable; urgency=low
74 * Update README.Debian to state that the variable to modify is
75 'htmleditor' instead of 'enable_htmleditor'. Thanks to Hans
76 Spaans. Closes: #575556.
77 * Add Brazilian Portuguese debconf translation, thanks to Eder
78 L. Marques. Closes: #581745.
79 * Switch default encoding to UTF-8 instead of ISO-8859-1.
81 * Add more explanations on how to install roundcube in a Debian system
82 in README.Debian. Closes: #584458, #582894.
83 * Bump Standards-Version. No changes required.
84 * Switch to 3.0 (quilt) format.
85 * Use Breaks instead of Conflicts to move files from older roundcube
88 -- Vincent Bernat <bernat@debian.org> Sat, 17 Jul 2010 17:23:30 +0200
90 roundcube (0.3.1-3) unstable; urgency=high
92 * RFC 5321, section 4.5.3.1, asks to not impose any limits on length if
93 possible. We respect this by dropping limitation of the local-part of
94 an email address. Closes: #568360, #568537.
95 * Suggests php-auth-sasl to enable use of SASL mechanisms for mail
96 servers. Closes: #567550.
97 * Disable DNS prefetching to avoid information leakage through links
98 embedded in messages. This fixes CVE-2010-0464. Closes: #569660.
99 * Bump Standards-Version. No changes required.
101 -- Vincent Bernat <bernat@debian.org> Sat, 13 Feb 2010 10:21:49 +0100
103 roundcube (0.3.1-2) unstable; urgency=low
105 * Fix VCS links in debian/control, thanks to Torsten Landschoff.
107 * Really ship NEWS.Debian.
108 * Add changesets 3170 and 3202 from upstream to handle gracefully jQuery
109 1.4. Thanks to Volker Gropp for the report. Closes: #565715.
111 -- Vincent Bernat <bernat@debian.org> Mon, 18 Jan 2010 23:11:01 +0100
113 roundcube (0.3.1-1) unstable; urgency=low
115 * New upstream release.
116 * Add a notice in NEWS.Debian about php.ini options that should be set
117 to get Roundcube working properly. Closes: #549428, #552508.
119 -- Vincent Bernat <bernat@debian.org> Sat, 07 Nov 2009 17:41:37 +0100
121 roundcube (0.3-2) unstable; urgency=low
123 * Really fix #544579 since the default value is null without
124 quotes. This really Closes: #544579.
125 * Enlarge login box to accommodate sk_SK locale. Closes: #542933.
127 -- Vincent Bernat <bernat@debian.org> Sun, 27 Sep 2009 11:26:56 +0200
129 roundcube (0.3-1) unstable; urgency=low
131 * New upstream release. Closes: #545498.
132 * Update debconf translations:
133 + Italian, thanks to Luca Monducci. Closes: #544199.
134 + Czech, thanks to Miroslav Kure. Closes: #546413.
135 * Roundcube configuration now uses 'language' instead of 'locale_string'
136 to specify the default language. Update postinst to reflect this
137 change. Thanks to Richard van den Berg for noticing this. Closes: #544579.
138 * Depends on libjs-jquery (>= 1.3) since this is now used by roundcube.
139 * Don't ship any plugins for now but ship an empty plugins directory.
140 * Ship main .htaccess since it is needed to setup correctly PHP (for
141 example, to disable PHP Suhosin cookie encryption).
142 * Bump Standards-Version. No changes required.
144 -- Vincent Bernat <bernat@debian.org> Sun, 27 Sep 2009 11:00:30 +0200
146 roundcube (0.2.2-1) unstable; urgency=low
148 * New upstream release
149 * Bump Standards-Version. No changes required.
150 * Remove *.js.src which are not needed at runtime.
151 * Don't send email contents to Google by default by using php5-pspell
152 instead. Thanks to Anand Kumria. Closes: #529563.
153 * Update debconf translations:
154 + Basque, thanks to Piarres Beobide. Closes: #534282.
156 -- Vincent Bernat <bernat@debian.org> Sun, 05 Jul 2009 09:53:17 +0200
158 roundcube (0.2.1-2) unstable; urgency=low
160 * Update debconf translations:
161 + German, thanks to Helge Kreutzmann. Closes: #520004.
162 + Japanese, thanks to Hideki Yamane. Closes: #520024.
163 + Spanish, thanks to Francisco Javier. Closes: #526696.
164 + Russian, thanks to Yuri Kozlov. Closes: #528796.
165 * Depend on php-mdb2-* (>= 1.5.0b2) since it is needed to fix some
166 bugs. Closes: #519104, #519293. Remove not needed any more patch from
167 debian/patches/series. Keep it in debian/patches to help backports.
169 -- Vincent Bernat <bernat@debian.org> Sat, 16 May 2009 15:30:17 +0200
171 roundcube (0.2.1-1) unstable; urgency=low
173 * New upstream release:
174 + Fix use_packaged_tinymce.patch to apply to this new version
175 + Remove cve-2009-0413.patch which has been applied upstream
177 -- Vincent Bernat <bernat@debian.org> Sat, 14 Mar 2009 17:42:07 +0100
179 roundcube (0.2~stable-2) unstable; urgency=low
181 * Update debconf translations:
182 + French, thanks to Christian Perrier. Closes: #515806.
183 + Swedish, thanks to Martin Bagge. Closes: #516683.
184 * Drop virtual package roundcube-db and add dependencies on real package
185 instead: this way, we can have versioned dependencies on those to avoid
186 version mismatch between packages.
187 * Add a patch to not use a MDB2 feature not present in the Debian
188 package. Thanks to Grzegorz Sobański for the patch. Closes: #519104.
190 -- Vincent Bernat <bernat@debian.org> Wed, 11 Mar 2009 18:49:32 +0100
192 roundcube (0.2~stable-1) unstable; urgency=low
194 * New upstream version. Closes: #503573, #504570.
195 + Add SQL update scripts for this new release and for
196 0.2~alpha. Remove copy of SQL upgrade script from debian/rules.
197 + Remove patch for CVE-2008-5620 which is now fixed upstream.
198 + Remove patch correcting a vulnerability in html2text.php.
199 + Remove patch fixing login issue. This is fixed upstream.
200 + Remove patch setting the default backend to db instead of mdb2:
201 this is not possible any more. We depend on php-mdb2 now.
202 + Update patch to use packaged tinymce.
203 * Upload to unstable since Lenny is out.
204 * Apply fix for XSS issue (CVE-2009-0413). Closes: #514179.
205 * Remove hack to update a SQLite table for an upgrade from a quite old
206 version of roundcube.
207 * Fix pending l10n issues:
208 + Update English debconf template. Closes: #473794.
209 + Add Swedish translation thanks to Martin Bagge. Closes: #508752.
210 * Fix debian/copyright to make lintian happy.
212 -- Vincent Bernat <bernat@debian.org> Sun, 15 Feb 2009 16:18:58 +0100
214 roundcube (0.2~alpha-4) experimental; urgency=low
216 * Add missing ${misc:Depends} to make Lintian happy.
217 * Add description to each patch.
218 * Execute cron job only if the directory to clean exists.
219 * Reload web server configuration instead of restart, thanks to a patch
220 from Tiago Bortoletto Vaz. Closes: #508633.
221 * Fix a vulnerability in quota image generation. This fixes
222 CVE-2008-5620. Thanks to Nico Golde for reporting it. Closes: #509596.
223 * Add missing dependency on php5-gd, used for quota bar.
224 * For roundcube-pgsql, depends on postgresql-client only. This package
225 is provided by the currently supported real package.
227 -- Vincent Bernat <bernat@debian.org> Thu, 25 Dec 2008 11:38:13 +0100
229 roundcube (0.2~alpha-3) experimental; urgency=high
232 * Fix a vulnerability in the use of preg_replace (Closes: #508628).
233 * Adapt descriptions of roundcube-database packages to refer them as
234 metapackages instead of virtual package (Closes: #495434).
235 * Add robots.txt from upstream, even if in some configuration, it will
236 not be considered (Closes: #499108).
237 * Do not ship .htaccess files. Restrictions are set in Apache or
238 Lighttpd configuration files (Closes: #500202).
241 * Changed versioned dependency of rouncube from binary:Version to
242 source:Version since these are all architecture independent packages.
244 -- Vincent Bernat <bernat@debian.org> Sat, 13 Dec 2008 14:36:02 +0100
246 roundcube (0.2~alpha-2) experimental; urgency=low
249 * Fix lintian warnings introduced by previous upload
250 * Fix lighttpd.conf to make it work with latest versions (Closes: #494044)
251 * Do not prepend path to lighty util in postinst and postrm, as per
252 Policy Manual section 6.1
253 * Ship a bug/control file to have all bugs submitted against roundcube
255 * Fix debian/roundcube-core.cron.daily to use
256 /etc/default/roundcube-core instead of /etc/default/roundcube which
257 should not exist any more
260 * Versioned roundcube-core dependency for roundcube
262 -- Vincent Bernat <bernat@debian.org> Sat, 16 Aug 2008 13:22:08 +0200
264 roundcube (0.2~alpha-1) experimental; urgency=low
266 * New upstream release
267 * Update debian/watch file to correctly consider those new releases
268 * Remove the following patches:
269 + messageid-headers-ordering
271 + disable-tinymce-spellchecker
272 * Update the following patches:
273 + correct_install_path
274 + use_packaged_tinymce
275 * Add a new patch to fix a login problem
276 * Depends on tinymce >= 3
278 -- Vincent Bernat <bernat@debian.org> Sun, 22 Jun 2008 14:10:44 +0200
280 roundcube (0.1.1-7) unstable; urgency=low
282 * Another fix for incorrect tinymce path. This should be the last one!
284 -- Vincent Bernat <bernat@debian.org> Sun, 22 Jun 2008 12:36:59 +0200
286 roundcube (0.1.1-6) unstable; urgency=low
288 * Fix use_packaged_tinymce patch which was incorrect after switch to
291 -- Vincent Bernat <bernat@debian.org> Sun, 22 Jun 2008 12:19:16 +0200
293 roundcube (0.1.1-5) unstable; urgency=low
295 * Fix ordering of message-id in message headers, thanks to Reinhard
296 Tartler (Closes: #486493)
297 * Update Standards-Version to 3.8.0
299 -- Vincent Bernat <bernat@debian.org> Tue, 17 Jun 2008 00:33:40 +0200
301 roundcube (0.1.1-4) unstable; urgency=low
303 * Add Slovak debconf translation, thanks to Ivan Masár (Closes: #481376)
304 * Fix debian/copyright:
305 + RoundCube is GPL-2 licensed, not GPL-2+
306 + Add an explanation on the BSD license present at the top of
307 index.php (Closes: #477119)
308 * We do not support tinymce 3, yet. Depends on tinymce2 | tinymce (<<
309 3). Closes: #481145, #483053, #482295
311 -- Vincent Bernat <bernat@debian.org> Tue, 20 May 2008 20:51:52 +0200
313 roundcube (0.1.1-3) unstable; urgency=low
315 * Fix an error introduced when fixing bug #476803. Thanks to Micah
316 Anderson for spotting it (Closes: #479775).
317 * Avoid to pop language question at every upgrade. Thanks to Ivan Vucica
318 for spotting this. The problem lied in the use of db_metaget to get
319 the value of a key set by db_subst in a previous invocation. It seems
320 this is not possible any more (Closes: #480043). The fix implies that
321 we won't ask the question again if more languages are available since
324 -- Vincent Bernat <bernat@debian.org> Thu, 08 May 2008 09:50:24 +0200
326 roundcube (0.1.1-2) unstable; urgency=low
328 * Comment by default Alias directive for tinymce in Apache configuration
329 file (Closes: #476162).
330 * Allow to preseed language value (Closes: #476803).
332 -- Vincent Bernat <bernat@luffy.cx> Sat, 19 Apr 2008 16:50:28 +0200
334 roundcube (0.1.1-1) unstable; urgency=low
336 * New upstream release
337 - Copy old SQL upgrade scripts into debian/sql to allow upgrade from
338 versions older than 0.1
339 - Patch new MySQL upgrade script to fix a typo
340 * Debconf translation updates:
341 - Spanish. Closes: #473788
342 * Depends on php-mail-mime (>= 1.5.0) and drop compatibility patch
343 * Install upstream changelog in /usr/share/doc/roundcube*
345 -- Vincent Bernat <bernat@luffy.cx> Sat, 05 Apr 2008 18:16:33 +0200
347 roundcube (0.1-4) unstable; urgency=low
349 * Debconf translation updates:
350 - French. Closes: #469802
351 - Russian. Closes: #469847
352 - Galician. Closes: #469866
353 - German. Closes: #469875
354 - Finnish. Closes: #469922
355 - Italian. Closes: #469987
356 - Czech. Closes: #470150
357 - Portuguese. Closes: #470156
358 - Spanish. Closes: #470732
359 - Basque. Closes: #470871
360 - Arabic. Closes: #471470
362 -- Vincent Bernat <bernat@luffy.cx> Sat, 08 Mar 2008 11:15:00 +0100
364 roundcube (0.1-3) unstable; urgency=low
366 * Fix problem with too old php-mail-mime package (Closes: #469814)
368 -- Vincent Bernat <bernat@luffy.cx> Fri, 07 Mar 2008 11:06:49 +0100
370 roundcube (0.1-2) unstable; urgency=low
372 * Ship bin/ directory as well. This fix conversion from HTML to text in
374 * Disable spellchecker for tinymce since it is not shipped with Debian
377 -- Vincent Bernat <bernat@luffy.cx> Fri, 07 Mar 2008 09:42:39 +0100
379 roundcube (0.1-1) unstable; urgency=low
381 * New upstream release (Closes: #469487).
382 - This release seems to fix failure to set some fields when replying,
383 with bincimap as IMAP server (Closes: #443562)
384 - It also fixes the deletion of multiple messages, still with
385 bincimap (Closes: #451404)
386 * Remove 'ob_gzhandler.patch' and 'xss-fix.patch'. They have been
388 * Upstream has switched to MDB2 database backend which is not packaged
389 in Debian yet. We switch back to old backend.
390 * Fix debian/watch to handle correctly detection of new versions.
391 * Add support for lighttpd and remove support for older version of
392 Apache. The debconf question about webserver autoconfiguration is
393 reworded (Closes: #462961).
394 * Do not depend on a specific revision of cdbs.
395 * Move po-debconf from Build-Depends-Indep to Build-Depends since it is
396 needed for clean target.
397 * Correct path to /usr/share/file/magic, provided by libmagic1. Provide
398 license information about this file in debian/copyright.
400 -- Vincent Bernat <bernat@luffy.cx> Wed, 05 Mar 2008 20:49:03 +0100
402 roundcube (0.1~rc2-6) unstable; urgency=high
404 * Bug fix: "CVE-2007-6321: Cross-site scripting (XSS) vulnerability",
405 thanks to Micah Anderson (Closes: #455840). The patch is from
406 http://lists.roundcube.net/mail-archive/dev/2007-12/0000038.html and
407 provided by Robin Elfrink. It has been modified with some functions
408 stolen from Squirrelmail.
409 * Finnish debconf template, thanks to Esko Arajärvi (Closes: #458244).
411 -- Vincent Bernat <bernat@luffy.cx> Sat, 29 Dec 2007 21:55:17 +0100
413 roundcube (0.1~rc2-5) unstable; urgency=low
415 * Deal with old /etc/logrotate.d/roundcube by removing it if left
416 untouched (Closes: #456546). Also deal with /etc/default/roundcube and
417 /etc/cron.daily/roundcube.
419 -- Vincent Bernat <bernat@luffy.cx> Tue, 18 Dec 2007 23:02:46 +0100
421 roundcube (0.1~rc2-4) unstable; urgency=low
423 * Thightened dependencies for a safe upgrade
424 * Finally removed any circular dependency, -db packages no longer pull
425 a full roundcube install
427 -- Romain Beauxis <toots@rastageeks.org> Sun, 09 Dec 2007 14:24:24 +0100
429 roundcube (0.1~rc2-3) unstable; urgency=low
432 * Bumped standard version to 3.7.3 (no changes)
434 -- Romain Beauxis <toots@rastageeks.org> Sun, 09 Dec 2007 14:19:28 +0100
436 roundcube (0.1~rc2-2) experimental; urgency=low
439 * Fix a conflict between ob_gzhandler and zlib output compression,
440 thanks to kaouete (Closes: #450482).
443 * Fix tinymce patch and inclusion
445 * Splitted virtual packages to avoid circular dependencies.
446 Uploading to experimental, as this is an important change and we may
449 -- Romain Beauxis <toots@rastageeks.org> Mon, 26 Nov 2007 11:54:21 +0100
451 roundcube (0.1~rc2-1) unstable; urgency=low
453 * New upstream, thanks to Nicolas Stransky (Closes: #447503). This
454 release support tinymce as HTML editor. Look at README.Debian for more
456 * Update Galician debconf template, thanks to Jacobo Tarrio (Closes: #447943).
458 -- Vincent Bernat <bernat@luffy.cx> Mon, 29 Oct 2007 22:08:43 +0100
460 roundcube (0.1~rc1-3) unstable; urgency=low
462 * In respect to policy 12.3, do not put main.inc.php.dist in
463 /usr/share/doc, thanks to Jonas Smedegaard (Closes: #446502).
464 * Update German and French debconf templates, thanks to Christian
465 Perrier (Closes: #446458) and Helge Kreutzmann (Closes: #446532).
467 -- Vincent Bernat <bernat@luffy.cx> Sun, 14 Oct 2007 08:41:24 +0200
469 roundcube (0.1~rc1-2) unstable; urgency=low
471 * Fix dependencies by creating virtual packages for each database
472 backend, thanks to Joey Hess (Closes: #444925).
474 -- Vincent Bernat <bernat@luffy.cx> Tue, 02 Oct 2007 20:09:19 +0200
476 roundcube (0.1~rc1-1) unstable; urgency=low
478 * New upstream release
479 * Removed non gpl file des.inc
481 -- Romain Beauxis <toots@rastageeks.org> Tue, 24 Jul 2007 13:36:20 +0200
483 roundcube (0.1~rc1~dfsg-3) unstable; urgency=low
485 * Add php5-mcrypt dependency (Closes: #431177)
487 -- Vincent Bernat <bernat@luffy.cx> Sat, 30 Jun 2007 19:36:21 +0200
489 roundcube (0.1~rc1~dfsg-2) unstable; urgency=low
491 * Removed custom unix_timestamp for sqlite: solved upstream
492 * Debconf templates and debian/control reviewed by the debian-l10n-
493 english team as part of the Smith review project.
494 Closes: #426086, #427546, #427546
495 * Debconf translation updates:
496 - Galician. Closes: #426140
497 - Basque. Closes: #426150
498 - Czech. Closes: #426428
499 - Portuguese. Closes: #426451
500 - Arabic. Closes: #427110
501 - Italian. Closes: #427206
502 - German. Closes: #427536
503 - French. Closes: #427736
504 - Tamil. Closes: #428254
505 - Russian. Closes: #428364
506 - Spanish. Closes: #428573
508 -- Romain Beauxis <toots@rastageeks.org> Tue, 05 Jun 2007 15:22:36 +0200
510 roundcube (0.1~rc1~dfsg-1) unstable; urgency=low
513 * New upstream release
514 * Update script for sqlite in postinst
516 * Fixed dh_link calls
518 * Added custom patch to use php unix timestamp support
519 with sqlite since UNIX_TIMESTAMP is not supported by sqlite.
520 * Dropped php4 dependencies
522 -- Vincent Bernat <bernat@luffy.cx> Sun, 20 May 2007 13:59:44 +0200
524 roundcube (0.1~beta2.2~dfsg-2) unstable; urgency=low
526 * Fix a security issue by disallowing access to logs.
527 * First upload to unstable.
529 -- Vincent Bernat <bernat@luffy.cx> Sat, 5 May 2007 00:23:40 +0200
531 roundcube (0.1~beta2.2~dfsg-1) experimental; urgency=low
533 * Initial release. (Closes: #333756, #344949)
535 -- Romain Beauxis <toots@rastageeks.org> Tue, 13 Mar 2007 13:28:05 +0100